Using BorderManager 3.6, Netware 5.1. All patches and updates
current.

I have been trying to get Automatic Update Notification to work
through our proxy with little success. I turned on filter debug to
watch for dropped packets and saw that every time PC's check for
updates, they use port 80, even though for normal browsing, they use
port 8080. So, I figured, OK, I will just open port 80 to Microsoft
so the Automatic update notification will work.

Well, Microsoft owns a class B network. I set the filter exception
to 207.46.0.0 with a mask of 255.255.0.0. When I try to access
Microsoft without using the Proxy, The packets get dropped at the
firewall.

If I set the exception to 207.46.134.0 with a mask of 255.255.255.0, I

can access sites in that subnet. But Windows Update could use any
number of IP addresses in the 207.46.0.0 subnet. This also happens
with other class B exceptions.

For example, If I set an exception of 130.57.0.0, mask of 255.255.0.0,

I cannot access Novell. But if I set the exception to 130.57.4.0,
mask 255.255.255.0, it works. For some reason, I cannot set an
exception for a class B network.

My public IP address is xxx.xxx.xxx.2 with a subnet mask of
255.255.255.0, since we have a class C, and our private subnet is
10.146.0.0 with a mask of 255.255.0.0.

This is very confusing. I though you could make an exception for anysize subnet as long as you followed the mask rules.

Any suggestion will be appreciated.

Mark